Help Preventing BackScatter and Sender Callouts
Hi all, We run Exchange 2007 on Windows 2003 machines. I recently found out we were on a blacklist (backscatterer.org). These guys put people on their black list for two reasons: 1. Backscatter 2. Sender Callouts To prevent backscatter one must ensure their email server sends Non-Delivery Reports to local users only. Unacceptable email from anywhere else should be rejected. I think I corrected this by doing the following: Within EMC I went to Organization Configuratoin -> Hub Transport -> Remote Domains tab -> properties on Default -> Format of original message sent as attachment to journal report tab -> un-checked allow non-delivery reports. Does this sound right? Is there more I have to do? I really haven't tweaked alot of the default Exchange settings and I want to be sure we no longer do backscatter. As far as sender callouts go, I'm still not sure what those are. Anybody have any info on them? Any help is appreciated.
September 25th, 2009 8:42pm
Hi,That's an option another option will be toadd the anti-spam agents to the hub server and configure the recipient filter to check if the user exists in the GAL. If the user does not exist in the GAL it will give the 550 5.1.1 User Unknown error. According to http://www.backscatterer.org/?target=backscatterthis should also be OK.Regards,Johanblog: www.johanveldhuis.nl
Free Windows Admin Tool Kit Click here and download it now
September 25th, 2009 9:14pm
Your best prevention against backscatter and getting yourself on blacklistsis to do recipient filtering against AD and not accept messages for users who do not exist:http://technet.microsoft.com/en-us/library/bb201691.aspxhttp://technet.microsoft.com/en-us/library/bb125187.aspx
September 25th, 2009 9:17pm
Yes that is correct. Correct steps for your reference
Open the Exchange Management Console
Expand the Organization Configuration folder
Click on Hub Transport
Select Remote Domains
Right-click the Default tab
Click on the Message Format
to turn off NDR's uncheck Allow non-delivery reports
Vinod
|CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
Free Windows Admin Tool Kit Click here and download it now
September 25th, 2009 9:17pm
to turn off NDR's uncheck Allow non-delivery reports
Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
I just stumbled upon this thread and would like to add some info:
disabling NDR's is not recommended. NDR's are part of the official mailstandards (in particular RFC 2821; see below). If you disable NDR's then your mailserver is not correctly configured and you might even get blacklisted because of malconfiguration (some
blacklists use this a one of their criteria).
Recipient filtering is therefore a better option. There might be scenario's where you might want to acknowledge that a user is indeed part of your organisation but reject later and send an NDR (f.e. when a user mailbox has reached maximum capacity).
I however have the same problem with a listing in backscatterer.org, even after enabling recipient filtering. This mechanism is therefore not fool-proof and I'm still searching for the hole in my system.
Regards,
Geert
RFC 2821, Section 3.7 - Relaying:
If an SMTP server has accepted the task of relaying the mail and
later finds that the destination is incorrect or that the mail cannot
be delivered for some other reason, then it MUST construct an
"undeliverable mail" notification message and send it to the
originator of the undeliverable mail (as indicated by the reverse-
path).
July 14th, 2010 4:45am